On Wed, 23.06.2004 at 22:29, olga@xxxxxxxxxxxxxx wrote:

> I just have a question about the log messages I am receiving. Here's the
> explanation of my setup.
>
> We used to have two servers: X and Y. We had Sendmail running only on one
> of them (X). Last month we completely wiped everything and changed the
> setup of what is running on each server. Now we have Sendmail running on
> both servers. Most of the virtual domains/websites that USED to be on X
> are NOW on Y. The mail works fine on both servers. Users on Y are
> receiving mail perfectly. However, I am getting a LOT of 'relaying denied'
> and 'relaying temporarily disabled' on the X server for the domains that
> are currently on Y.
>
> I have checked the zone information for each of the domains on Y and they
> have MX records listed correctly -- mail should first go to Y, then to X.
> MX 10 Y.ns1.com
> MX 15 X.ns2.com
>
> So my question is: if mail is received on Y why is it still trying to be
> relayed through X for the domains that are on Y?

Because it is SPAMmers' behaviour to use a lower-priority MX directly, because such hosts are often less well secured and managed than the primary MX.

> Here's a snippet of my log messages from /var/log/maillog:

1. example:

> Jun 20 04:06:17 sendmail[30589]: i5K968bv030589: ruleset=check_rcpt,
> arg1=<valeria@xxxxxxx>, relay=[61.51.250.44], reject=550 5.7.1
> <valeria@xxxxxxx>... Relaying denied. IP name lookup failed [61.51.250.44]
> Jun 20 04:06:19 sendmail[30589]: i5K968bv030589: lost input channel from
> [61.51.250.44] to MTA after rcpt
> Jun 20 04:06:19 sendmail[30589]: i5K968bv030589:
> from=<Carolyhcd@xxxxxxxxx>, size=0, class=0, nrcpts=0, proto=SMTP,
> daemon=MTA, relay=[61.51.250.44]

The mail is rejected because it does not resolve. What are you complaining about? If it resolves on a different host, then you have a self-made problem with DNS not working properly.

2. example (incomplete):

> Jun 20 04:09:39 sendmail[30590]: i5K99b9w030590: ruleset=check_rcpt,
> arg1=<webmaster@xxxxxxxx>, relay=YahooBB219007126054.bbtec.net
> [219.7.126.54], reject=550 5.7.1 <webmaster@xxxxxxxx>... Relaying denied.
> Proper authentication required.
> Jun 20 04:09:39 sendmail[30590]: i5K99b9w030590: reject=550 5.7.1

Attempt to send to a non-local domain. Proper action by Sendmail. If site.net is now on your server Y then the sender misbehaves. Very certainly just a SPAMmer.

> And others:
> Relaying denied. IP name lookup failed [220.89.226.158]

Why do you think this is not ok?

> Relaying denied. IP name possibly forged [65.91.92.64]

The reason is different, "possibly forged" does not imply rejection.

> Relaying denied. IP name lookup failed [219.248.33.52]

See above.

> And from the log file sent to root:
> Relaying denied:
> >From [actual ip address here] to radium@xxxxxxxxxx: 1 Times(s)
> >From [actual ip address here] to alex@xxxxxxxxxx: 1 Times(s)

No reason given. Who shall judge then?

> Anything I can do about those messages? Each day I get about 200 or so of
> these in root mail. (I have changed some sensitive info in the examples
> that I provided, but the gist of it should be there.)
> Thank you.
>
> Olga

Conclusion: either you show real log entries where proper mail is rejected when it should have been accepted, or take all the examples above as SPAM attempts.

You may have a look at http://www.sendmail.org/~ca/email/relayingdenied.html

Alexander

-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435
Serendipity 22:43:02 up 21:21, 8 users, 1.03, 1.27, 1.26
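As an added example (not part of the original message): a small Python triage of `check_rcpt` rejections like those quoted above, grouping them by logged reason and flagging rejections whose recipient domain is one the host is listed as MX for. The log lines, addresses, queue IDs and `MX_DOMAINS` are constructed assumptions.

```python
import re
from collections import Counter

# Assumption: domains whose zones list this host as an MX (constructed name).
MX_DOMAINS = {"example.org"}

# Constructed sample in the shape of the maillog entries quoted above
# (documentation addresses; one entry per line, as sendmail writes them).
SAMPLE_LOG = """\
Jun 20 04:06:17 sendmail[30589]: i5K968bv030589: ruleset=check_rcpt, arg1=<valeria@example.org>, relay=[192.0.2.44], reject=550 5.7.1 <valeria@example.org>... Relaying denied. IP name lookup failed [192.0.2.44]
Jun 20 04:06:19 sendmail[30589]: i5K968bv030589: lost input channel from [192.0.2.44] to MTA after rcpt
Jun 20 04:09:39 sendmail[30590]: i5K99b9w030590: ruleset=check_rcpt, arg1=<webmaster@example.net>, relay=host54.example.com [198.51.100.54], reject=550 5.7.1 <webmaster@example.net>... Relaying denied. Proper authentication required.
Jun 20 04:11:02 sendmail[30601]: i5K9B0xx030601: ruleset=check_rcpt, arg1=<alex@example.net>, relay=mail.example.com [203.0.113.64], reject=550 5.7.1 <alex@example.net>... Relaying denied. IP name possibly forged [203.0.113.64]
"""

REJECT_RE = re.compile(
    r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>.*?), reject=550 5\.7\.1 <[^>]*>\.\.\. "
    r"Relaying denied\.?\s*(?P<reason>.*)$"
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_rejects(text):
    """Return one dict per 'Relaying denied' check_rcpt rejection."""
    out = []
    for line in text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # other entries: lost input channel, from=...
        ip = IP_RE.search(m["relay"])
        domain = m["rcpt"].rpartition("@")[2].lower()
        out.append({
            "ip": ip.group(1) if ip else None,
            "rcpt_domain": domain,
            "reason": IP_RE.sub("", m["reason"]).strip(" .") or "no reason logged",
            # True: recipient domain is one this host is an MX for, so the
            # rejection deserves a look; False: relay attempt to another domain.
            "review": domain in MX_DOMAINS,
        })
    return out

def summarize(rejects):
    """Count rejections per reason and list client IPs needing review."""
    reasons = Counter(r["reason"] for r in rejects)
    return reasons, sorted({r["ip"] for r in rejects if r["review"] and r["ip"]})

if __name__ == "__main__":
    reasons, review_ips = summarize(parse_rejects(SAMPLE_LOG))
    print(dict(reasons), "review:", review_ips)
```
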